According to research from cybersecurity firm Hold Security, the vast majority of leaked login credentials relate to Mail.ru, Russia's most popular email service.
It's one of the biggest uncovered stashes of stolen login credentials in internet history, and users are rightly worried.
Hold Security claims it came across the database on a Russian hacker forum, where one user was bragging that he had obtained the details for around 1.17 billion email accounts.
After combing through the database, the firm found the real number was much smaller, but some companies have still been badly hit. The cache reportedly contains 57 million Mail.ru accounts, affecting a majority of the service's 64 million active users.
Stolen passwords can fetch a good price on the black market, but the Russian hacker was only asking for 50 roubles (around 52p) for the entire trove. He eventually handed the cache over to Hold Security researchers after they said they would post favourable comments about him on the internet, to stay in line with their policy of never paying for stolen data.
Speaking to the news agency, Hold Security founder Alex Holden said: "This information is potent. It is floating around in the underground and this person had shown he's willing to give the data away to people who are nice to him."
"These credentials can be abused multiple times," he added.
The stolen logins can obviously be used to access email accounts, but users who tend to have the same password for multiple websites are even more vulnerable.
Now, Mail.ru is analysing the password database, to check if the entries actually match up to user accounts.
A Microsoft spokesperson said: "Unfortunately, there are places on the internet where leaked and stolen credentials are posted, and when we come across these or someone sends them to us, we act to protect customers. Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”
The Independent has contacted Google and Yahoo for comment.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies